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Claims 



11. A scalable media access portal providing connectivity to network attached 

2 data storage, said scalable media access portal comprising: 

3 a) a first network interface processor coupleable to a first network; 

4 b) a second network interface processor coupleable to second 

5 network; 

6 c) an array of media access processors including an assigned media 

7 access processor operative to terminate a first network media access connection 

8 relative to said first network and provides a second network media access 

9 connection relative to said second network as a proxy for said first network media 

10 access connection; and 

11 d) a switch providing data paths between said first and second 

1 2 network interface processors and said array of media access processors, wherein 

1 3 said first network interface processor is operative to selectively route network data 

1 4 associated with said first network media access connection from said first network 

15 to said assigned media access processor. 

1 2. The scalable media access portal of Claim 1 wherein said first network 

2 media access connection is a state-full connection, wherein said assigned media 

3 access processor maintains state-data reflective of the dynamic state of said first 

4 network media access connection, and wherein said assigned media access 

5 processor is responsive to said state-data in maintaining said second network 

6 media access connection. 
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1 3. The scalable media access portal of Claim 2 wherein assigned media 

2 access processor implements a transaction protocol state-machine to maintain 

3 said second network media access connection in a predetermined correspondence 

4 with said first network media access connection. 

1 4. The scalable media access portal of Claim 3 wherein the network data 

2 selectively routed by said first network interface processor include network media 

3 data packets containing information specific to the transport of media-level data 

4 and wherein said assigned media access processor inspects network media data 

5 packets to obtain said state-data. 

1 5. The scalable media access portal of Claim 4 further comprising a shared 

2 state-data store accessible by said array of media access processors, wherein said 

3 array of media access processors selectively update said shared state-data store, 

4 and wherein said assigned media access processor is responsive to said state- 

5 data accessed from said shared state-data store in maintaining said second 

6 network media access connection. 

1 6. The scalable media access portal of Claim 1 wherein network data 

2 associated with said first and second network media access connection includes 

3 network data packets encapsulating media-level data and wherein said assigned 

4 media access processor provides for the encryption of media-level data within 

5 network data packets. 

1 7. The scalable media access portal of Claim 6 wherein said assigned media 

2 access processor provides for the proxy transfer of first network data packets from 
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said first network media access connection to said second network media access 
connection as second network data packets, said assigned media access 
processor providing for the selective encryption of media-level data within said 
second network data packets based on the proxy determined destination of said 
second network data packets. 

8. The scalable media access portal of Claim 7 wherein said assigned media 
access processor provides for the proxy transfer of second network data packets 
from said second network media access connection to said first network media 
access connection as said first network data packets, said assigned media access 
processor providing for the selective decryption of media-level data from said 
second predetermined network data packets. 

9. The scalable media access portal of Claim 8 wherein said assigned media 
processor maintains coordinated the state of said first and second network media 
access connections to manage the proxy transfer of first and second network data 
packets between said first and second networks. 

1 0. The scalable media access portal of Claim 9 wherein said first and second 
network data packets include media data transport state information and wherein 
said assigned media processor is responsive to said media data transport state 
information to maintain the coordination of said first and second network media 
access connections. 
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11. A secure storage access portal provided in a network between client 
systems and network attached data storage, said secure storage access portal 
comprising: 

a) a data packet processor, including an encryption engine, operative to 
selectively encrypt a media data portion of network data packets provided to said 
data packet processor; and 

b) a network interface processor coupleable to a client network and a 
storage network and coupled to said data packet processor to transfer network 
data packets, said network interface processor operative to associate a persistent 
network data route between said client and storage networks through said data 
packet processor such that network data packets associated with said persistent 
network data route are selectively passed to and from said data packet processor 
by said network interface processor. 

12. The secure storage access portal of Claim 1 1 further comprising a data 
packet processor array that includes said data packet processor, wherein said 
network interface processor is operative to selectively associate a plurality of 
persistent network data routes with said data packet processor. 

13. The secure storage access portal of Claim 12 wherein said plurality of 
persistent network data routes are uniquely associated with said data packet 
processor within said data packet processor array. 

14. The secure storage access portal of Claim 1 1 wherein said data packet 
processor is responsive to a header portion of a predetermined network data 
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3 packet to select an encryption key for use in encrypting said media data portion 

4 of said predetermined network data packet. 

1 15. The secure storage access portal of Claim 14 wherein said data packet 

2 processor is responsive to an identification of a data storage resource provided 

3 by said predetermined network data packet to select said encryption key. 

1 16. A secure storage access portal providing for the routing of data transfer 

2 requests and responses between network clients and storage servers, said network 
p 3 media access controller comprising: 

JJJ 4 a) first network interface processor coupleable to a client network; 

+ : 5 b) second network interface processor coupleable to a data storage 

H 6 network; 

q 7 c) a plurality of data packet processors coupled to said first and second 

8 network interface processors, wherein each said data packet processor is 

9 operative to terminate respective client network connections routed to said 

10 plurality of data packet processors through said first network interface processor 

1 1 and to establish respective storage network connections through said second 

12 network interface processor, wherein each said data packet processor provides 

13 for the proxy transport of data transfer requests and responses between said client 

14 and storage network connections, and wherein each said data packet processor 

15 includes an encryption engine operative to selectively encrypt media-level data 

16 contained within data transfer requests and responses as transported from said 

1 7 client network connections to said storage network connections. 
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1 1 7. The secure storage access portal of Claim 16 further comprising a data 

2 switch provided to separately connect said first and second network interface 

3 processors with said plurality of data packet processors. 

1 1 8. The secure storage access portal of Claim 1 7 further comprising a data 

2 store accessible by said plurality of data packet processors. 

1 1 9. The secure storage access portal of Claim 1 8 wherein predetermined client 

2 network connections are associated as a connection session, wherein instances 

3 of said predetermined client network connections are terminated respectively by 

4 first and second data packet processors, wherein said first data packet processor 
*p 5 is operative to provide session connection data to said data store and said second 
y ; 6 data packet processor is operative to retrieve session connection data from said 

I* 7 data store. 

O' 

!*i 1 20. The secure storage access portal of Claim 1 9 wherein said first and second 

2 network interface processors are responsive to network data packets received from 

3 said client and storage networks, said first and second network interface 

4 processors being operative to associate network data packets with said client and 

5 storage network connections and correspondingly route network data packets to 

6 the respective said data packet processors associated with said client and storage 

7 network connections. 

1 21. The secure storage access portal of Claim 20 further comprising a control 

2 processor coupled through said data switch to said first and second network 

3 interface processors and said plurality of data packet processors, said data store 
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4 being coupled to and accessible by said plurality of data packet processors 

5 through said control processor. 

1 22. A method of providing secure storage of media-level data as transported 

2 over a network within network data packets that encapsulate data storage 

3 packets, wherein data storage packets include storage commands, said method 

4 comprising the steps of: 

5 a) establishing a network connection route for network data packets 

6 provided from a first network through a network data packet processor to a 

7 second network; 

8 b) first processing a network data packet provided through said network 

9 connection route to determine a storage command contained within said network 

1 0 storage packet; 

1 1 c) second processing said network data packet to determine a storage 

12 target resource from a data storage packet encapsulated by said network data 

1 3 packet; and 

14 d) filtering, selectively based on a determined correspondence between 

15 said storage command and said storage target resource, the transport of said 

16 network data packet from said network connection route. 

1 23. The method of Claim 22 further comprising the steps of: 

2 a) locating within said data storage packet, selectively based on said 

3 storage command, media-level data; and 

4 b) encrypting, selectively based on said storage target resource, the media- 

5 level data. 
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24. The method of Claim 23, prior to the step of encrypting, further comprising 
the step of compressing the media-level data, selectively based on said storage 
target resource. 

25. The method of Claim 24 wherein said second processing step includes the 
step of redirecting said network data packet from said storage target resource to 
an alternate storage target resource. 

26. The method of Claim 22 wherein said network data packet processor is 
one of a plurality of network data packet processors, wherein said step of 
establishing includes establishing respective network connection routes through 
said plurality of network data packet processors. 

27. The method of Claim 26 wherein said respective network connection routes 
are persistently established through said plurality of network data packet 
processors. 

28. The method of Claim 27 further comprising the step of third processing 
said network data packet to determine the selection of said network connection 
route from said respective network connection routes. 

29. The method of Claim 28 further comprising the steps of: 

a) locating within said data storage packet, selectively based on said 
storage command, media-level data; and 

b) encrypting, selectively based on said storage target resource, the media- 
level data. 
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30. The method of Claim 29, prior to the step of encrypting, further comprising 
the step of compressing the media-level data, selectively based on said storage 
target resource. 

31 . The method of Claim 30 wherein said second processing step includes the 
step of redirecting said network data packet from said storage target resource to 
an alternate storage target resource. 
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